From e80f661db8ec9596eb977d6fc537484aa3662e22 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Fri, 12 Sep 2008 04:54:39 +0000
Subject: [PATCH] possible null dereference in dns_acl_isanyornone() [rt18559]

---
 CHANGES       | 3 +++
 lib/dns/acl.c | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index b3e646ae93..f8993cbdd4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2439.   [bug]           Potential NULL dereference in dns_acl_isanyornone().
+                        [RT #18559]
+        
 2438.   [bug]		Timeouts could be logged incorrectly under win32.
 
 2437.	[bug]		Sockets could be closed too early, leading to
diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index edb91b328c..767bab4160 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acl.c,v 1.46 2008/09/10 21:52:49 each Exp $ */
+/* $Id: acl.c,v 1.47 2008/09/12 04:54:39 each Exp $ */
 
 /*! \file */
 
@@ -144,10 +144,11 @@ dns_acl_isanyornone(dns_acl_t *acl, isc_boolean_t pos)
 	    acl->iptable->radix->head->prefix == NULL)
 		return (ISC_FALSE);
 
-	if (acl->length != 0 && acl->node_count != 1)
+	if (acl->length != 0 || acl->node_count != 1)
 		return (ISC_FALSE);
 
 	if (acl->iptable->radix->head->prefix->bitlen == 0 &&
+	    acl->iptable->radix->head->data[0] != NULL &&
 	    *(isc_boolean_t *) (acl->iptable->radix->head->data[0]) == pos)
 		return (ISC_TRUE);